Sticky sessions

  • Hi, I'm not sure if this has been answered before so I apologize if it has but I'm running pfsense 2.0rc3 in a production environment and I'm having an issue with sticky sessions just not working, I'm round robin load balanced across 4 WAN connections and 1 LAN, I realize I could create static routes for websites that I'm having issues with, but it's a large number of websites and constantly being added too, I'd rather get sticky sessions working, it was one reason I came over to pfsense (we used to use vyatta, vyatta has no support for sticky sessions), my state table is fine and on the higher end maybe 7000 entries, memory usage is low.

    one example of a website where this is always a problem is

    any idea's?

  • actually it should be noted that for the joomla forum website I get this state

    tcp 206.x.x.171:80 <- FIN_WAIT_2:FIN_WAIT_2 
    tcp -> 173.x.x.66:64621 -> 206.x.x.171:80 FIN_WAIT_2:FIN_WAIT_2

    as an example, so it appears the server has closed the connection and gotten the close response from the client, in that regard it would suggest that any additional connections would be considered a new state, no? That would make sense as to why they go out on different WAN's.

    I suppose that is session storing on the joomla servers?

  • Rebel Alliance Developer Netgate

    A patch just went in last night to improve the handling of sticky connections, try a snapshot dated today (or after) when one gets generated.

  • awesome, I can't wait! I really hope this fixes it, in my opinion it would make pfsense far superior then any other firewall as no others support sticky sessions properly  ;D

  • I hope that patch fixes the issues I'm having with sticky connections, Im updating to the snapshot of Jul 1 now.
    The issue I have with sticky connections seems to be described by this FreeBSD kernel bug:

  • Unfortunately my problem is not solved by the latest snapshot. It seems user bEsTiAn is experiencing the same issue with his 2 smtp servers behind pfsense and outgoing connections failing 50/50 of the time described in the post here:,33504.0.html

  • I can also confirm that snapshot for July 1st 2011 still isn't working with sticky sessions….it's no worse, just not any better.

  • Ermal imported a patch from OpenBSD that is suspected to fix this, it's in 2.0 snapshots from today or newer.

  • unfortunately as of 2.0RC3 built on July 4th 16:49:48 EDT this problem still exists

  • Just tested sticky connections with 2.0-RC3 (i386) built on Wed Jul 13 18:38:42 EDT 2011

    No improvement.

